Critical vulnerability in the WordPress File Manager plugin with 700 thousand installations

In the WordPress plugin File Manager, which has more than 700 thousand active installations, a vulnerability has been identified that allows arbitrary commands and PHP scripts to be executed on the server. The issue is present in File Manager releases 6.0 through 6.8 and is fixed in release 6.9.

The File Manager plugin provides file management tools for the WordPress administrator, using the bundled elFinder library for low-level file manipulation. The elFinder source code contains files with code examples, which are shipped in the working directory with the ".dist" extension. The vulnerability is caused by the fact that when the library was packaged, the file "connector.minimal.php.dist" was renamed to "connector.minimal.php" and became available for execution by external requests. This script allows any file operation (upload, open, editor, rename, rm, etc.) to be performed in the WordPress context and arbitrary code to be run.

What makes the risk worse is that the vulnerability is already being used in automated attacks, during which an image containing PHP code is placed in the "plugins/wp-file-manager/lib/files/" directory using the "upload" command and then renamed to a PHP script whose name is chosen randomly and contains the text "hard" or "x." (for example, hardfork.php, hardfind.php, x.php, etc.). When executed, the PHP code adds a backdoor to the /wp-admin/admin-ajax.php and /wp-includes/user.php files, giving the attackers access to the site's administrator interface. The exploitation is carried out by sending a POST request to the file "wp-file-manager/lib/php/connector.minimal.php".

It is worth noting that after the compromise, in addition to leaving the backdoor, a change is made to block further calls to the vulnerable connector.minimal.php file, in order to cut off the possibility of other attacks on the server.
The first attack attempt was detected on September 1 at 7 a.m. (UTC). At 12:33 (UTC) the developers of the File Manager plugin released a patch. According to Wordfence, the company that identified the vulnerability, its firewall blocked about 450 thousand attempts per day to exploit the vulnerability. A network scan showed that 52% of the sites using this plugin have not yet been updated and remain vulnerable. After installing the update, it makes sense to check the http server log for calls to the "connector.minimal.php" script in order to determine whether the system has been compromised.
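The log check recommended above, as an added example that is not part of the original article or the plugin: a Python triage script that parses combined-format access-log lines and flags requests to connector.minimal.php or to PHP files served from the plugin's lib/files directory. The /wp-content/ prefix, the combined log format and the sample log lines are assumptions.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log format (assumption: the server logs in this format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# The vulnerable connector script and the upload directory named in the article.
# The /wp-content/ prefix is an assumption about a default WordPress layout.
CONNECTOR = "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"
UPLOAD_DIR = "/wp-content/plugins/wp-file-manager/lib/files/"

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_suspicious(lines):
    """Return entries that reached the connector or fetched a PHP file from the upload dir."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"].split("?", 1)[0]  # drop the query string before matching
        if path == CONNECTOR:
            entry["reason"] = "connector"
        elif path.startswith(UPLOAD_DIR) and path.endswith(".php"):
            entry["reason"] = "php-in-upload-dir"
        else:
            continue
        hits.append(entry)
    return hits

def summarize(hits):
    """Aggregate hits per source IP and reason; POSTs to the connector are the strongest signal."""
    return {
        "by_ip": Counter(h["ip"] for h in hits),
        "by_reason": Counter(h["reason"] for h in hits),
        "connector_posts": sum(1 for h in hits if h["reason"] == "connector" and h["method"] == "POST"),
    }

# Constructed sample log lines (not real traffic); 203.0.113.7 mimics the pattern described above.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Sep/2020:07:02:11 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2020:07:02:15 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/hardfork.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Sep/2020:07:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Sep/2020:07:06:30 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?x=1 HTTP/1.1" 200 301 "-" "curl/7.68.0"
"""
```

On a real server, pass the open log file to `find_suspicious` (for example `find_suspicious(open("/var/log/apache2/access.log"))`) and review `summarize()` output; any POST to the connector before the update was applied warrants a closer look at the files under lib/files and at admin-ajax.php and user.php.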

Additionally, it is worth noting the release of the WordPress 5.5.1 corrective update, which includes 40 fixes.

Source: opennet.ru
